(19) European Patent Office
Office européen des brevets
(11) EP 0 706 275 A2
(12) EUROPEAN PATENT APPLICATION
(43) Date of publication: 10.04.1996 Bulletin 1996/15
(21) Application number: 95113153.1
(22) Date of filing: 22.08.1995
(51) Int. Cl.6: H04L 9/32, H04L 9/30
(84) Designated Contracting States: DE FR GB
(30) Priority: 15.09.1994 US 306741
(71) Applicant: International Business Machines Corporation
Armonk, N.Y. 10504 (US)
(72) Inventor: Arnold, Todd Weston
NC 28262 (US)
(74) Representative: Rach, Werner, Dr.
IBM Deutschland Informationssysteme GmbH,
Patentwesen und Urheberrecht
D-70548 Stuttgart (DE)
(54) System and method for secure [...] and distribution of data using digital signatures
(57) The present invention overcomes the disadvantages and limitations of the related art by providing an
apparatus and method for secure distribution of software, software updates, and configuration data.
Cryptography is used to protect software or data updates sent to computer products or peripherals using
non-secure distribution channels. In the preferred embodiment, the contents of the data cannot be read by
anyone who obtains the data, and the data will not be accepted unless it is unmodified and originated with
the valid source for such data.
[FIG. 2: block diagram of the public key system]
Description
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to an apparatus and method for secure distribution of data. More particularly,
the present invention relates to an apparatus and method for secure distribution of software, software
updates, and configuration data.
2. Description of Related Art
In today's business environment, data is one of the most valuable resources required for maintaining a
competitive edge. As a result, businesses must often be able to maintain data confidentiality, readily
determine the authenticity of data, and closely control access to data. As used herein, the term "data"
means a representation of facts, concepts or instructions in a formalized manner suitable for communication,
interpretation, or processing by human or automatic means, including, but not limited to, software, software
updates, and configuration data.
Data systems commonly consist of many types and sizes of computer systems that are interconnected through
many different electronic data networks. It is now common for an organization to interconnect its data
systems with systems that belong to customers, vendors, and competitors. [...]
or they might provide continual services. For purposes herein, "computer" includes a device capable of
performing the functions of a Turing Machine, including a microcomputer, minicomputer, or mainframe computer.
A Turing Machine is a well-known computer science concept and is explained in Encyclopedia of Computer
Science, Ed. Anthony Ralston, ISBN 0-88405-321-0, which is specifically incorporated herein by reference.
"Memory" includes a device or devices for storing data for use by a computer, including electronic, magnetic,
and electro-magnetic memory.
A combination of elements must work together to achieve a more secure environment. A security policy, based
on an appraisal of the value of the data and potential threats to that data [...]
Security functions can be categorized as follows:
* Identification and authentication. Identifies users to the system and provides proof that they are who [...]
* Access control. Determines which users can access which resources.
* Data confidentiality. Protects an organization's sensitive data from unauthorized disclosure.
* Data integrity. Ensures that data is in its original form and that it has not been altered.
* Security management. Administers, controls, and reviews a business security policy.
* Nonrepudiation. Assures that the message was sent by the appropriate individual.
Cryptography includes a set of techniques for scrambling or disguising data so that it is available only to
someone who can restore the data to its original form. In current computer systems, cryptography provides a
strong, economical basis for keeping data [...]
[...] Implementation of Secure Systems, by Carl H. Meyer and Stephen M. Matyas, ISBN 0471-04862-5, John Wiley
& Sons, Inc. (1982), is a classic text on the design and implementation of cryptographic systems, which is
specifically incorporated herein by reference.
For commercial business applications, the cryptographic process known as the Data Encryption Algorithm (DEA)
has been widely adopted. The Data Encryption Standard (DES), as well as other documents, defines how to use
the DEA to encipher data. Federal Information Processing Standards Publication 46, which defines DES, is
reprinted in the Meyer & Matyas text. Many other processes for concealing data, such as protection of
passwords and personal identification numbers (PINs), are based on the DES process. The DES algorithm [...]
processes the data. A DES key is a very small piece of data (56 bits) that is normally retained in 8 bytes.
The same key is used to transform the original data (plaintext) to its disguised, [...]
form. Because the DES algorithm is common knowledge, one must keep the key secret to make the data
confidential; otherwise, someone who has the key that one used to encipher the data would be able to decipher
the data. Key management refers to the procedures that are used to keep keys secret.
To confirm the integrity of data, one can use the DES algorithm to compute a message authentication code (MAC).
Used in this way the DES algorithm is a powerful tool; it is almost impossible to meaningfully modify the data
and still have it produce the same MAC for a given key. The standardized approaches authenticate data such as
financial transactions, passwords, and computer programs.
After the MAC has been computed, it is sent with data. To authenticate the data, the system uses the DES
algorithm to recompute the MAC; the system then compares this result with the MAC that was sent with the data.
Someone could, of course, change both the data and the MAC; therefore, the key that is used to compute the MAC
must be kept secret between the MAC's originator and the MAC's authenticator.
An alternative approach to data integrity checking uses a standard key value and multiple iterations of the
DES algorithm to generate a modification detection code (MDC). In this approach to data integrity checking,
the MDC must be received from a trusted source. The person who wants to authenticate the data recomputes the
MDC and compares the result with the MDC that was sent with the data.
Because the DES algorithm has been used for many years, its strength has been well demonstrated. Both software
and specialized hardware can implement the DES algorithm. A hardware solution is often desirable for the
following reasons:
• the algorithm requires many computer instructions to be processed
• the keys must be protected so that they can remain secret
• performance can be improved
If a data security threat comes from an external source, a software implementation of the cryptographic
algorithm might be sufficient; unfortunately, however, much fraud originates with individuals within an
organization (insiders). As a result, specialized cryptographic hardware can be required to protect against
both insider and outsider data security threats.
Well-designed hardware can do the following:
• ensure the security of cryptographic keys
• ensure the integrity of the cryptographic processes
• limit the key-management activities to a well-defined and carefully controllable set of services
The DES algorithm, which has been proven to be efficient and strong, is widely known; however, the keys must
normally remain secret. Because the same key is used both to encipher the data and to [...]
be symmetric; it uses a symmetric key.
In another type of cryptographic process, an asymmetric process, one key is used to encipher the data, while a
different but corresponding key is used to decipher the data to its original form. A system that uses this
type of process is known as a public-key system. The key that is used to encipher the data is widely known,
but the corresponding key for deciphering the data is secret. For example, many people who know a person's
public key can send enciphered data to that person confidentially, knowing that only that person should
possess the [...] Public-key cryptographic algorithms have been incorporated into processes for simplifying
the distribution of secret keys and for assuring data integrity, including providing nonrepudiation [...]
techniques are discussed in more detail in the Meyer & Matyas text.
Public-key algorithms (e.g., RSA algorithm, by R. Rivest, A. Shamir, and L. Adleman) use a relatively large
key and use even more computer time than the DES algorithm. The use of a public-key system is, therefore,
often restricted to [...]
In both the DES and RSA algorithms, no practical [...]
cryptographic key; therefore, keeping a key secret at a cryptographic node is essential. In real systems,
however, this often does not provide sufficient protection. If adversaries have access to the cryptographic
process and to certain protected keys, they could possibly misuse the keys and eventually compromise the
system. A carefully devised set of processes must be in place to protect and distribute cryptographic keys in
a secure manner.
Access control protects data by allowing only persons or programs with a legitimate need to access system
resources, such as a file, selected records or fields in a file, a hardware device [...]
Access control uses the following services:
* Identification and verification. Identification is the ability to use a unique name, label, or other
reference to identify each user or program to the system. Verification is the ability to provide proof that
users and programs are who and what they claim to be. (Verification is also known as "authentication".)
* Authorization. [...] restricted to specific resources, such as data sets, programs, or transactions.
(Authorization is also known as "access control".)
* Enforcement. Enforcement is a subsystem process of verifying the requester's authorization.
In systems that consist of multiple computers, it is increasingly necessary for persons or programs at one
system to be able to convince persons or programs at another system that they are entitled to receive [...]
to this problem involve the following:
* using local access controls
* using cryptographic processing to ensure the authenticity of a process
* ensuring that the authorization information is confidential
Many computer products and peripherals now [...]
of integrated microprocessors. These microprocessors use stored programs to provide some part of the device's
function. For example, the IBM 4755 Cryptographic Adapter is a device which includes a microprocessor, memory,
and programming logic mounted on a printed circuit board. Functions are housed within a tamper-resistant
module, or secured area, for protection, such as that discussed more fully in U.S. Pat. No. 5,027,397, which
is specifically incorporated herein by reference. The IBM 4755 is a component of the IBM Transaction Security
System, discussed in the IBM publication entitled "Transaction Security System: General Information Manual
and Planning Guide" (GA34-21374), U.S. Pat. No. 5,048,085, and U.S. Pat. No. 5,148,481, which are specifically
incorporated herein by reference.
Typically, two kinds of memory are associated with these microprocessors: permanent (unalterable or
nonvolatile) memory for the program; and volatile memory for data used by the program. Permanent memory is
typically Read Only Memory (ROM), Programmable Read Only Memory (PROM), or Erasable Programmable Read Only
Memory (EPROM). Volatile memory [...]
is removed.
Newer technologies allow the designer to use memory which is [...] memory in which the data can be changed,
but the contents are retained when the power is off. Several technologies can be used to obtain these
characteristics. Flash EPROM (FEPROM) permits areas of memory to be erased electronically and then
reprogrammed. Electrically Erasable PROM (EEPROM) permits individual bytes or bits to be rewritten much like
RAM memory. Complementary Metal-Oxide Semiconductor (CMOS) RAM with battery back-up uses little power and
retains RAM contents when system power is off.
These newer kinds of memory can be used in two ways to improve the value of the product.
First, if some or all of the microprocessor program is stored in nonvolatile, reprogrammable memory, the
program can be changed after the [...]
prevents product obsolescence and protects the manufacturer from high warranty costs when errors occur.
Second, data stored in the memory can control the configuration of the product. One such use is to selectively
enable or disable product features. In this way, the manufacturer can produce a standard product and sell it
for a variety of applications which need different features. Users can be charged for an upgrade to enable new
features, which will be highly profitable to the manufacturer since no new [...]
There are many circumstances which would make it advantageous [...]
subset of the total population of devices. The reason may be to prevent applying an upgrade that is
incompatible with the underlying [...]
the manufacturer may want to apply the upgrade only to devices which have:
* a particular model number
* a manufacture date within a particular range of dates
* a particular version of software installed
* a certain range of serial numbers
* a specific combination of features
It is easy to see why this kind of [...] There is a significant impediment to its use, however: security.
Both the manufacturer and user want to be sure they have control over programs that are loaded into the
memory. The manufacturer may want to make sure only its programs are used, to ensure the programs meet quality
and performance standards. The manufacturer may also want to prevent anyone from learning how the software
works, or what the data is that is being sent to the user. The user, on the other hand, wants to make sure the
programs in the devices are valid, and prevent any that might malfunction, or which might pose a security
threat. An example of a security threat would be a "Trojan horse" program which would normally operate
correctly, but which had "secret" features to circumvent the user's security practices, or to divulge the
user's secret information.
Typically, there will be one source for all field upgrades to code or configuration data, although other
scenarios are possible. For the purposes of discussion, assume that the device manufacturer is the only valid
source of code or data updates; and the device is a security adapter card, with a secured area or module
where [...]
The problem can then be described with two fundamental requirements:
First, data sent to the user must be kept secret. It must be impossible for anyone to discover or modify the
contents of the data.
Second, the user must be able to verify that the data came from the valid source (e.g., the manufacturer).
This is a form of non-repudiation.
SUMMARY OF THE INVENTION
The present invention overcomes the disadvantages and limitations of the related art by providing an apparatus
and method for secure distribution of software, software updates, and configuration data. Cryptography is used
to protect software or data updates sent to computer products or peripherals using non-secure distribution
channels. In the preferred embodiment, the contents of the data cannot be read by anyone who obtains the data,
and the data will not be accepted unless it is unmodified and originated with the valid source for such data.
An advantage of the invention is to provide an apparatus and method for secure distribution of software,
software updates, and configuration data.
Another advantage of the invention is to provide an apparatus and method wherein data stored in memory
controls the configuration of a product so as to selectively enable or disable product features.
Yet another advantage of the invention is to provide an apparatus and method wherein data stored in memory
controls the acceptance or rejection of proposed data for a product.
The foregoing and other advantages [...]
[...] technology in view of the [...]
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a block diagram depicting a computer system and associated cryptographic system, wherein an
enlargement of an embodiment of the cryptographic system is broken out.
FIG. 2 is a block diagram of an embodiment of the invented apparatus for secure distribution of software,
software updates, and configuration data employing public key cryptography.
FIG. 3 is a flowchart of an embodiment of the invented method for secure distribution of software, software
updates, and configuration data employing public key cryptography.
FIG. 4 is a block diagram of an embodiment of the invented apparatus [...]
updates, and configuration data employing public key cryptography and symmetric key cryptography.
FIG. 5 is a flowchart of an embodiment [...]
and configuration data employing [...] cryptography and [...]
FIG. 6 is a depiction of a [...]
DESCRIPTION OF THE PREFERRED EMBODIMENT
Referring now to FIG. 1, a computer or computer system 10 is shown which includes a cryptographic system 12
comprising a microprocessor 14, memory 16, and cryptographic functions 18 mounted upon a device or adapter
card 20. The microprocessor, memory, and cryptographic functions are housed within a secured area or module 22.
As shown in FIG. 2, a public key KPU is installed in the adapter card 20. Cryptographic system 12 includes the
public key algorithm (e.g., RSA). The corresponding private key KPR would be held by, for example, the adapter
card manufacturer, in a secure, secret manner so it would never be disclosed outside the manufacturer's
organization. Preferably, the data is protected twofold:
First, as shown in FIG. 2, data, D, is encrypted by a public key cryptographic system 24 using the private
key, KPR, or as shown in FIG. 4, data is encrypted by a symmetric key cryptographic system 25 using [...]
provides the necessary secrecy; the data content cannot be determined by anyone intercepting the data, and any
modification to the encrypted data will render it invalid.
Second, in FIGS. 2 and 4, a digital signature on the data is computed and sent to the adapter card users using
a digital signature generator 26. This signature is verified before the data is accepted by digital signature
verifier 28, which can be a component of cryptographic function 18 or a separate function as shown.
Preferably, cryptographic function 18 includes both a public key cryptographic system 18a and a symmetric
cryptographic system 18b. A verified digital signature proves that the data has not been altered since its
creation, and proves that the originator was, in this example, the manufacturer.
Two embodiments of the invention are described below.
The first four steps in FIG. 3 are performed by the manufacturer, who sends the resulting data to the users.
The remaining steps are performed by the user to load the data into the adapter card.
The manufacturer first generates the data to be loaded into the adapter cards in step 100. This data is
designated D. The manufacturer already possesses private key KPR, and the corresponding public key KPU is with
every adapter card manufactured. The key KPU may be embedded in the adapter card, or may be supplied
externally on a diskette or other medium if [...] certification process). It does not need to be kept secret
in order to maintain integrity of the loaded data.
In step 110, the manufacturer computes a digital signature on the data D using the private key KPR. The use of
the digital signature is optional. Its use enhances the ability to prove the source of the data, but the data
can be distributed successfully without a signature. The digital signature function is represented as dsig().
The signature will be verified before the data is accepted by the adapter card, assuring it came from the
manufacturer in this example.
In step 120, the data D is encrypted using the private key algorithm with key KPR. This protects the data from
disclosure or modification prior to its installation in the adapter [...]
algorithm, such as the RSA algorithm.
The manufacturer, in step 130, sends the encrypted data pke(D) and the digital signature dsig(D) to the card
users through any convenient channel; diskettes, electronic mail, or any other medium is sufficient. The user
receives this information, and loads the data and signature into the secured area of the adapter card in
step 140.
In step 150, the adapter decrypts [...]
step 160, the digital signature is verified using the same key. If the signature verifies, the data is genuine
and it can only have been created by the manufacturer, who holds the private key KPR. Once the data has been
decrypted and its validity has been determined, the data is applied to the nonvolatile memory in the adapter
card, step 180; otherwise, the information is discarded, step 170.
Only the private key KPR needs to be kept secret. The public key KPU is present in every copy of the device,
and there is no security exposure if its value is divulged. The nature of the public key algorithms guarantees
that the private key cannot be determined from the public key, and that valid data cannot be generated with
knowledge of the public key alone.
LtejQOBuj^
Alternatively, the data can be encrypted using a symmetric key cryptographic algorithm (e.g., DES) instead of
the public key algorithm used above. With current technology, symmetric key algorithms are generally faster to
compute than public key algorithms [...]
each time new data is produced.
As shown in step 200 of FIG. 5, the manufacturer generates the data D to be sent to the installed cards in the
field. In step 210, a random symmetric algorithm key designated KS is generated. The users do not have key KS,
so the manufacturer must send it to them in a secure manner. In step 220, KS is encrypted with a public key
algorithm using the private key KPR.
In step 230, the manufacturer computes a digital signature over the data D, and in step 240 the data is
encrypted using the symmetric key algorithm with key KS. The encrypted KS, the encrypted data pke(D) and the
digital signature dsig(D) are all sent to the user in step 250.
In step 260, the data is received at the user site where adapter cards are installed. The data is loaded into
the secured area of the card, which contains the public key KPU. In step 270, KPU is used to decrypt the
symmetric key KS using the public key algorithm. In step 280, the recovered KS is used to decrypt the data
using the symmetric key algorithm.
In step 290, the digital signature is verified using KPU in order to verify the [...]
it means that both the data D and the key KS were valid; in this case, the data is loaded into the nonvolatile
memory on the adapter card and enabled for use, step 310. Otherwise, the data is discarded or [...]
calculations are preferably performed inside the secured area, so there is no threat of data manipulation
while the data is recovered and verified.
With either method described above, other checking codes could be used as an alternative to the digital
signature. An MDC, cyclic redundancy check (CRC), or any other valid checking code could be calculated over
the data and appended to the data before it is encrypted. Once the data has been decrypted in the adapter [...]
this value could be verified against the recovered data. If it verifies, the data is correct and originated
with the holder of the private key KPR.
[...] information in the data as decision criteria
Once the data has been loaded into the adapter card, the decision of whether to permit the data to be employed
can be made a function of information and/or instructions contained within the data itself.
In one embodiment, software contained in the device is used to compare "criteria information" in the data with
"basic information" already contained in the device. Examples of such basic information include:
* serial number
* model codes
* date of manufacture
* version of software currently installed
* codes describing installed or available features
The basic information in the device is stored in memory (including hardware registers, permanent software, or
resident loadable software). The criteria information is preferably included in the data in tabular form, for
example, as shown in FIG. 6. The data, and therefore the criteria information, is securely distributed in the
manner described in the previous sections herein. Control software within the device examines this table and
compares it to the appropriate basic information in order to decide whether to apply the data.
The pseudocode in Table 1 is an example of how the criteria information from the table would be processed.
Each item in the table would be compared with the appropriate basic information [...]
of the comparisons would be used to determine whether the data should be applied to [...]
TABLE 1
Load_Permitted = FALSE;
If SN_Min <= SN <= SN_Max then Do;
  If DT_Min <= DT <= DT_Max then Do;
    If Min_HW_Lvl <= HW_Lvl <= Max_HW_Lvl then Do;
      If Min_SW_Lvl <= SW_Lvl <= Max_SW_Lvl then Do;
        Get Feature_Vector;
        If all Features_Required features are present then Do;
          If no Features_Prohibited features are present then Do;
            If Model_List is empty then Load_Permitted = TRUE;
            Else do While Model_List not empty;
              Get Test_Model from head of Model_List;
              If Test_Model = model of this device
                then Load_Permitted = TRUE;
If Load_Permitted = TRUE then load data to memory;
Else Abort loading process
* SN_Min and SN_Max are the lowest and highest serial numbers the device can have for the data to be valid.
In the pseudocode in Table 1, the serial number for a specific device is designated SN.
* DT_Min and DT_Max are the earliest and latest dates the device can have for the data to be valid, e.g.,
the manufacturing date, the microcode creation date, or some other date code. Several different dates could be
compared if desired. In the pseudocode in Table 1, the date code for a specific device is designated DT.
* Min_HW_Level and Max_HW_Level are the lowest and highest hardware levels the device can have for the data
to be valid. This represents the version of hardware in the device. HW_Level is used in the pseudocode to
represent a particular device's hardware level.
* Min_SW_Level and Max_SW_Level are the lowest and highest software levels the device can have for the data
to be valid. This represents the version of software in the device prior to application of the data. SW_Level
is used in the pseudocode to represent the particular device's software level.
* Features_Required and Features_Prohibited are vectors of boolean values. They represent the features the
device must have for the data to be valid, and the features the device must not have for the data to be valid.
In the pseudocode, Feature_Vector represents a vector of boolean values representing the features present in a
specific device.
* Model_List is a list of product models which are valid targets for the data. An empty list can be used to
indicate that the data is valid for all models. Otherwise, the device looks for its own model code in the
list; if it is not present, the data will not be applied.
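The Table 1 decision written out in C, as an added example that is not part of the patent text. The struct
layouts, bit-mask encoding of the feature vectors, reason codes and sample values are assumptions made for
illustration; the check denies by default and also rejects a criteria table that contradicts itself.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* "Basic information" held in the device. Field layout is an assumption. */
typedef struct {
    uint32_t serial;     /* SN */
    uint32_t date_code;  /* DT, encoded so that later dates compare greater */
    uint16_t hw_level;
    uint16_t sw_level;
    uint32_t features;   /* Feature_Vector: one bit per installed feature */
    uint16_t model;
} device_info;

/* "Criteria information" carried in the update (the Table 1 operands). */
typedef struct {
    uint32_t sn_min, sn_max;
    uint32_t dt_min, dt_max;
    uint16_t hw_min, hw_max;
    uint16_t sw_min, sw_max;
    uint32_t features_required;
    uint32_t features_prohibited;
    const uint16_t *model_list;  /* NULL with model_count 0: all models */
    size_t model_count;
} update_criteria;

/* Hypothetical reason codes, so the caller can log why a load was refused. */
typedef enum {
    LOAD_PERMITTED = 0,
    REJECT_MALFORMED,
    REJECT_SERIAL,
    REJECT_DATE,
    REJECT_HW_LEVEL,
    REJECT_SW_LEVEL,
    REJECT_FEATURE_MISSING,
    REJECT_FEATURE_PROHIBITED,
    REJECT_MODEL
} load_result;

static bool in_range(uint32_t lo, uint32_t v, uint32_t hi)
{
    return lo <= v && v <= hi;
}

/* Every test of Table 1 must pass before the load is permitted. */
load_result check_criteria(const device_info *d, const update_criteria *c)
{
    if (d == NULL || c == NULL)
        return REJECT_MALFORMED;
    /* Inverted ranges, a feature both required and prohibited, or a model
       count without a list can never describe a valid target. */
    if (c->sn_min > c->sn_max || c->dt_min > c->dt_max ||
        c->hw_min > c->hw_max || c->sw_min > c->sw_max ||
        (c->features_required & c->features_prohibited) != 0 ||
        (c->model_count > 0 && c->model_list == NULL))
        return REJECT_MALFORMED;

    if (!in_range(c->sn_min, d->serial, c->sn_max))
        return REJECT_SERIAL;
    if (!in_range(c->dt_min, d->date_code, c->dt_max))
        return REJECT_DATE;
    if (!in_range(c->hw_min, d->hw_level, c->hw_max))
        return REJECT_HW_LEVEL;
    if (!in_range(c->sw_min, d->sw_level, c->sw_max))
        return REJECT_SW_LEVEL;
    if ((d->features & c->features_required) != c->features_required)
        return REJECT_FEATURE_MISSING;
    if ((d->features & c->features_prohibited) != 0)
        return REJECT_FEATURE_PROHIBITED;

    if (c->model_count == 0)          /* empty Model_List: all models */
        return LOAD_PERMITTED;
    for (size_t i = 0; i < c->model_count; i++)
        if (c->model_list[i] == d->model)
            return LOAD_PERMITTED;
    return REJECT_MODEL;
}

/* Constructed sample values, not taken from the patent. */
static const uint16_t SAMPLE_MODELS[] = { 1, 2 };
static const device_info SAMPLE_DEVICE = {
    .serial = 5000, .date_code = 19950822, .hw_level = 3, .sw_level = 7,
    .features = 0x05, .model = 2
};
static const update_criteria SAMPLE_CRITERIA = {
    .sn_min = 1000, .sn_max = 9999,
    .dt_min = 19940101, .dt_max = 19951231,
    .hw_min = 2, .hw_max = 4, .sw_min = 5, .sw_max = 7,
    .features_required = 0x01, .features_prohibited = 0x08,
    .model_list = SAMPLE_MODELS, .model_count = 2
};

int main(void)
{
    load_result r = check_criteria(&SAMPLE_DEVICE, &SAMPLE_CRITERIA);
    printf("load result code: %d\n", (int)r);
    return r == LOAD_PERMITTED ? 0 : 1;
}
```

The check is meant to run inside the secured area on criteria taken from data that has already been decrypted
and verified, as the preceding sections describe.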
In an alternative embodiment, one implementation of which is illustratively shown in pseudocode in Table 2,
the data itself contains special software [...]
and therefore the checking software, is securely distributed in the manner described in the previous sections
herein. This checking software is not a part of the operational software used in the everyday application of
the device. The additional checking software may be optional; if present, it is called by the control software
which resides in the device, and it determines whether the data should be applied. The same checking software
can also contain special initialization instructions to prepare the device for the new software or data
contained in the data.
TABLE 2
If checking software present in the data then Do;
  Load checking software;
  Verify checking software is valid;
  Abort if invalid;
  Execute checking software;
  If result = "ok to load data" then Do;
    Get data;
    If data is valid
      Then load data to memory;
      Else abort
This embodiment is more flexible than the first embodiment since its functions are not limited to a set
conceived by the initial device designers. Functions can be added with any data update, simply by changing the
checking program.
In operation, this embodiment can be combined with the first embodiment. A fixed set of checking functions can
be permanently stored in the device, with additional functions contained in the checking software portion of
the data.
The function performed by the checking software is completely up to the designer of that software. Its
functions would typically be similar to those described for the first embodiment, but could include any
checking or initialization deemed necessary by the designer.
A similar approach can be used to provide optional software that would be executed immediately after the data
is loaded. This could perform initialization necessary to prepare the updated device for use.
Of course, many modifications [...]
departing from the spirit of this invention. Further, some features of the present invention could be used
without corresponding use of other features. Accordingly, this description should be considered as merely
illustrative of the principles of the present invention and not in limitation thereof.
FunfrieniwrecfectDScd is:
46 1. A method of securely controttng the configuration of a cornputer system so that features of the system may be
conveniently enabled or dsafated, said method rcJudaiy the steps of:
providing memory which is located wfttrin a secured area which is protected from physical and cfrect electrical
executing a program which requires specific information to be stored in the memory to permit the use of specific
60 features of the system; and
updating trie 6pecifcintom
2. The control ing method of item 1 inducing the additional steps of:
encrypting the data at the other cornputer system under a first key of a pubic key encryption system; and
66 decrypting the data within the secured area win a second key of the pubfic key encryption system
3. The contrrjling method of daim 22 inducing the addrtional steps of:
generating a symmetric key tor use with a symmetric cryptography algorithm;
encrypting the data under the generated symmetric key;
10
EP0706275 A2
encrypting the generated symmetric key under a first key of a pubic key encryption system;
transferring the encrypted data and the encrypted symmetric key to a processing system which is located within
the secured area;
decrypting the received symmetric key within the secured area with a second
5 decrypting the received data within the secured area under the decrypted symmetric key with a symmetric cryptog-
raphy algorithm; and
storing the decrypted data in said memory.
4. The loading method of item 3 wherein
the first key is a private key used with said public key encryption system.
5. The loading method of item 3 or 4 wherein
the second key is a public key used with said public key encryption system.
6. The controlling method of one of items 1 to 5 wherein
the executed program is included in the data originating from the other computer system.
7. The controlling method of one of items 1 to 6 wherein said specific information corresponds to at least one of the following:
serial number of the computer system;
model number of the computer system;
date of manufacture of the computer system;
version of software currently installed in the computer system; and
codes describing installed or available features.
8. The controlling method of one of items 1 to 7 wherein
the features of the system are related to software updates included in the data originating from the other computer system.
9. A method of securely controlling the enablement of data loaded in memory within a secured area of a device, said method including the steps of:
providing information within said memory representing at least one characteristic related to said device;
providing criteria information within said data to be compared with said at least one characteristic;
comparing said criteria information with said at least one characteristic; and
enabling said data to be used within said device if said at least one characteristic meets said criteria information.
10. The controlling method of item 9, wherein
at least some portion of said comparing step is
11. The controlling method of item 9 or 10, wherein
said characteristic information corresponds to at least one of the following:
serial number of the device;
model number of the device;
version of software currently installed in the device; and
codes describing installed or available features.
1. A method of transferring data into a secured area, said method including the steps of:
encrypting (120) said data under a first key of a public key encryption system (24);
transferring (130) said encrypted data to a processing system which is located within said secured area;
decrypting (150) said received data within said secured area with said public key encryption system (24) under a second key; and
storing said decrypted data within said secured area.
2. The method of claim 1, wherein
said transferring data into a secured area is a loading data into at least some portion of memory which is located within said secured area, and
said secured area is protected from physical and direct electrical access, thereby guarding against undesired detection of said transferred data.
3. A method of loading data into at least some portion of memory which is located within a secured area which is protected from physical and direct electrical access, thereby guarding against undesired detection of said loaded data, said method including the steps of:
generating (210) a symmetric key (Ks) for use with a symmetric cryptography algorithm;
encrypting (240) said data under said generated symmetric key (Ks);
encrypting (220) said generated symmetric key (Ks) under a first key of a public key (Kpu) encryption system;
transferring (250) said encrypted data and said encrypted symmetric key (Ks) to a processing system which is located within said secured area;
decrypting (270) said received symmetric key (Ks) within said secured area with a second key of said public key (Kpu) encryption system;
decrypting (280) said received data within said secured area with said decrypted symmetric key (Ks) with a symmetric cryptography algorithm; and
storing said decrypted data into said at least some portion of memory.
4. The method of one of claims 1 to 3, wherein
said first key is a private key (Kpr) used with said public key (Kpu) encryption system.
5. The method of one of claims 1 to 4, wherein
said second key is a public key (Kpu) used with said public key (Kpu) encryption system.
6. The method of one of claims 1 to 5, wherein
said public key (Kpu) is stored within said secured area.
7. The method of one of claims 1 to 6 further including the step of:
adding a code to said encrypted data which is to be transferred for the purpose of authenticating said encrypted data.
8. The method of claim 7, wherein
said code is selected from said group consisting of a digital signature, a modification detection code (MDC), and a cyclic redundancy check (CRC).
9. The method of claim 7 or 8 further including the step of:
authenticating said decrypted data; and
enabling said decrypted data to be used if said decrypted data is authentic; otherwise, not enabling said decrypted
10. A system for securely holding data, said system comprising:
memory means located within a secured area which is protected from physical and direct electrical access;
means for providing a public key (Kpu) within said secured area;
means within said secured area for receiving data encrypted by a corresponding private key (Kpr); and
means within said secured area for decrypting (150) said received data under said public key (Kpu).
11. The system of claim 10 wherein
said decrypted data provides a symmetric key (Ks).
12. The system of claim 11 including:
means within said secured area for receiving data encrypted by a symmetric algorithm under said symmetric key (Ks);
means for decrypting (280) said data under said symmetric key (Ks) provided by said decryption under said public key (Kpu); and
means for storing said symmetric key decrypted data in said memory means.
13. The system of one of claims 10 to 12 further including
means for analyzing a code received by said system to authenticate said data received.
14. The system of claim 13, wherein
said code is selected from said group consisting of a digital signature, a modification detection code (MDC), and a cyclic redundancy check (CRC).
15. A method of securely controlling the configuration of a computer system (10) so that features of said system may be conveniently enabled or disabled, said method including the steps of:
providing memory which is located within a secured area which is protected from physical and direct electrical access;
executing a program which requires specific information to be stored in said memory to permit the use of specific features of said system; and
updating said specific information with data decrypted from encrypted data originating from another computer system.
16. A method of securely controlling the enablement of data loaded in memory within a secured area of a device, said method including the steps of:
providing information within said memory representing at least one characteristic related to said device;
providing criteria information within said data to be compared with said at least one characteristic;
comparing said criteria information with said at least one characteristic; and
enabling said data to be used within said device if said at least one characteristic meets said criteria information.
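The loading flow of claims 3 to 6 and 9 (steps 210 to 310 of FIG. 5) followed by the criteria comparison of claim 16, as an added Python example that is not part of the patent text. The textbook RSA key pair over two Mersenne primes, the SHA-256 keystream cipher, the JSON layout and the names originate, load and DEVICE are assumptions standing in for the private and public keys, the symmetric algorithm and the data format, none of which the claims fix.

```python
import hashlib, json, secrets

# Constructed demo key pair: textbook RSA over two Mersenne primes.
# Unpadded and far too small for real use; it only stands in for the key pair.
P, Q = 2**127 - 1, 2**107 - 1
N, KPU = P * Q, 65537                      # public half, kept inside the secured area
KPR = pow(KPU, -1, (P - 1) * (Q - 1))      # private half, held by the originator

def se(ks, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(ks + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def digest(data):
    """SHA-256 of the data, reduced into the RSA modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def originate(criteria, payload):
    """Steps 200-250: build se(D), pke(Ks) and dsig(D)."""
    d = json.dumps({"criteria": criteria, "payload": payload}).encode()
    ks = secrets.token_bytes(16)                               # 210
    return {"pke_ks": pow(int.from_bytes(ks, "big"), KPR, N),  # 220
            "dsig": pow(digest(d), KPR, N),                    # 230
            "se_d": se(ks, d)}                                 # 240

def load(pkg, device):
    """Steps 260-310 inside the secured area, then the criteria comparison."""
    k = pow(pkg["pke_ks"], KPU, N)                             # 270
    if k >> 128:
        return None                                            # not a 16-byte key
    d = se(k.to_bytes(16, "big"), pkg["se_d"])                 # 280
    if pow(pkg["dsig"], KPU, N) != digest(d):                  # 290
        return None                                            # 300: discard
    info = json.loads(d)
    if any(device.get(f) != v for f, v in info["criteria"].items()):
        return None                                            # criteria not met
    return info["payload"]                                     # 310: retain and enable

DEVICE = {"model": "M-100", "serial": "SN-0042"}               # constructed sample values
```

Anyone holding the public key can undo the private-key encryption of the symmetric key, so confidentiality in this flow rests on the public key staying inside the secured area, as claim 6 requires.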
FIG. 1
FIG. 3 (flowchart): 100 GENERATE DIGITAL INFORMATION (D); 110 GENERATE DIGITAL SIGNATURE dsig(D); 120 ENCRYPT D WITH Kpr; 130 TRANSFER dsig(D) AND pke(D) TO USER; 140 RECEIVE AND LOAD TO SECURITY CARD; 150 DECRYPT pke(D); 160 DIGITAL SIGNATURE VERIFIED?; 170 DISCARD INFORMATION; 180 RETAIN INFORMATION.
FIG. 5 (flowchart): 200 GENERATE DIGITAL INFORMATION (D); 210 GENERATE SYMMETRIC KEY (Ks); 220 ENCRYPT Ks WITH Kpr; 230 GENERATE DIGITAL SIGNATURE dsig(D); 240 ENCRYPT D WITH Ks; 250 TRANSFER se(D), pke(Ks), AND dsig(D) TO USERS; 260 RECEIVE AND LOAD TO SECURITY CARD; 270 DECRYPT pke(Ks) WITH Kpu; 280 DECRYPT se(D) WITH Ks; 290 DIGITAL SIGNATURE VERIFIED?; 300 DISCARD INFORMATION; 310 RETAIN INFORMATION.